On 2020-12-23, Steve Williams <st...@williamsitconsulting.com> wrote:
> Hi,
>
> With OpenBSD 6.8 installed, I'm investigating switching from OpenVPN
> over to Wireguard.
>
> This is for roadwarrior with Windows 7/10 laptops to access my OpenBSD
> 6.8 server.
>
> All I can find is wg(4) for reference. It has kind of an interesting
> example, but I am struggling a bit without the "big picture". I don't
> mind doing my own reading, but the only additional documentation I can
> find is the Wireguard whitepaper which is Linux and doesn't mention
> "wgendpoint"...
>
> Is it necessary to use routing domains? I don't believe so as I've
> never done that with any other interface.

No.

> Where are the various wireguard parameters to ifconfig documented? From
> the example:
> ifconfig wg1 create wgport 111 wgkey `openssl rand -base64 32`
> rdomain 1

Have a read of https://man.openbsd.org/ifconfig#WIREGUARD and ask again
if something is missing. (Also check the updated wg(4) manual on
man.openbsd.org too, it is a bit better than the manual in 6.8).

The info for wgaip talks about a "routing table" which is a bit of an
unfortunate name as it's nothing to do with "rtable" routing tables, it's
internal to the wg instance (wg0/wg1/whatever). This relates to what the
wg(4) manual says about Allowed IPs.
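
An added illustration, not part of the original message and not OpenBSD's code: a small Python model of the per-interface Allowed IPs table described above, following the behaviour in the WireGuard whitepaper (longest-prefix match picks the peer for outgoing packets; a decrypted incoming packet is accepted only if its source address maps back to the sending peer). The peer names and addresses are constructed for the example.

```python
import ipaddress


class WgInstance:
    """Simplified model of one wg interface's Allowed IPs table.

    Each interface (wg0, wg1, ...) owns its own table; it is separate
    from the kernel's rtable/rdomain routing tables.
    """

    def __init__(self, name):
        self.name = name
        self.table = []  # list of (network, peer) pairs

    def add_peer(self, peer, *allowed_ips):
        for cidr in allowed_ips:
            self.table.append((ipaddress.ip_network(cidr), peer))

    def lookup(self, addr):
        """Return the peer owning addr by longest-prefix match, or None."""
        ip = ipaddress.ip_address(addr)
        matches = [(net, peer) for net, peer in self.table
                   if net.version == ip.version and ip in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]

    def outbound_peer(self, dst):
        """Which peer's keys encrypt a packet sent to dst via this interface."""
        return self.lookup(dst)

    def inbound_ok(self, peer, src):
        """Accept a decrypted packet only if src belongs to the sending peer."""
        return self.lookup(src) == peer


# Constructed sample: a server interface with two roadwarrior laptops and
# one site peer, plus a second, unrelated interface.
wg0 = WgInstance("wg0")
wg0.add_peer("laptop-a", "10.0.0.2/32")
wg0.add_peer("laptop-b", "10.0.0.3/32")
wg0.add_peer("site", "10.0.0.0/24", "192.168.50.0/24")

wg1 = WgInstance("wg1")
wg1.add_peer("other", "10.0.0.0/8")

if __name__ == "__main__":
    for dst in ("10.0.0.2", "10.0.0.77", "192.168.50.9", "172.16.0.1"):
        print(dst, "->", wg0.outbound_peer(dst))
    print("laptop-a spoofing laptop-b:", wg0.inbound_ok("laptop-a", "10.0.0.3"))
```

The kernel routing table still decides whether a packet is handed to wg0 in the first place; the Allowed IPs table only decides which peer on that interface it belongs to.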